如何在 rsyslog 模板中转义或删除双引号

从 rsyslog 4.6.2 开始，您似乎只需使用json属性选项：

$template JsonFormat,"{\"msg\":\"%msg:::json%\",\"app-name:::json\":\"%app-name:::json%\"}\n",sql

看这里更多细节。

我发现了一个非常丑陋的解决方案，我很乐意用一些合理的方法代替它：

$template JsonFormat,"{\"rawmsg\":\"%rawmsg:R,BRE,1,BLANK,0:\([^\"]*\)\"*--end%%rawmsg:R,BRE,1,BLANK,1:\([^\"]*\)\"--end%%rawmsg:R,BRE,1,BLANK,2:\([^\"]*\)\"--end%%rawmsg:R,BRE,1,BLANK,3:\([^\"]*\)\"--end%%rawmsg:R,BRE,1,BLANK,4:\([^\"]*\)\"--end%%rawmsg:R,BRE,1,BLANK,5:\([^\"]*\)\"--end%%rawmsg:R,BRE,1,BLANK,6:\([^\"]*\)\"--end%%rawmsg:R,BRE,1,BLANK,7:\([^\"]*\)\"--end%%rawmsg:R,BRE,1,BLANK,8:\([^\"]*\)\"--end%%rawmsg:R,BRE,1,BLANK,9:\([^\"]*\)\"--end%\",\"msg\":\"%msg:R,BRE,1,BLANK,0:\([^\"]*\)\"*--end%%msg:R,BRE,1,BLANK,1:\([^\"]*\)\"--end%%msg:R,BRE,1,BLANK,2:\([^\"]*\)\"--end%%msg:R,BRE,1,BLANK,3:\([^\"]*\)\"--end%%msg:R,BRE,1,BLANK,4:\([^\"]*\)\"--end%%msg:R,BRE,1,BLANK,5:\([^\"]*\)\"--end%%msg:R,BRE,1,BLANK,6:\([^\"]*\)\"--end%%msg:R,BRE,1,BLANK,7:\([^\"]*\)\"--end%%msg:R,BRE,1,BLANK,8:\([^\"]*\)\"--end%%msg:R,BRE,1,BLANK,9:\([^\"]*\)\"--end%\",\"hostname\":\"%hostname%\",\"fromhost\":\"%fromhost%\",\"syslogtag\":\"%syslogtag%\",\"programname\":\"%programname%\",\"priority\":\"%pri%\",\"priority-text\":\"%PRI-text%\",\"infounittype\":\"%iut%\",\"syslogfacility\":\"%syslogfacility%\",\"syslogfacility-text\":\"%syslogfacility-text%\",\"syslogseverity\":\"%syslogseverity%\",\"syslogseverity-text\":\"%syslogseverity-text%\",\"timegenerated\":\"%timegenerated%\",\"timereported\":\"%timereported%\",\"app-name\":\"%app-name%\",\"procid\":\"%procid%\",\"msgid\":\"%msgid%\"}\n"

它的作用是使用正则表达式将字符串分成几部分，然后将它们粘贴在一起并删除双引号 - 并且限制消息中只有 10 个双引号。